package com.yixia.framework.security;


import com.yixia.common.utils.SecurityUtils;
import com.yixia.framework.web.service.TokenService;
import com.yixia.system.service.system.SysUserService;
import com.yixia.common.core.domain.model.LoginUser;

import com.yixia.common.utils.StringUtil;
import com.yixia.common.utils.StringUtils;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
/**
 * token过滤器 验证token有效性
 **/
@Slf4j
public class JwtAuthenticationFilter extends BasicAuthenticationFilter {

    @Autowired
    private SysUserService sysUserService;
    @Autowired
    private MyUserDetailsServiceImpl myUserDetailsService;
    @Autowired
    private TokenService tokenService;



    private static final String URL_WHITELIST[] ={
            "/login",
            "/logout",
            "/captcha",
            "/password",
            "/image/**",
            "/profile/**",
            "/swagger**/**",
            "/v3/**",
            "/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**"
    } ;

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
        /*验证token*/
        String token = request.getHeader("Authorization");
        /*获取请求地址*/
        StringBuffer requestURL = request.getRequestURL();
        log.info("请求地址" + request.getRequestURL());

        //对token进行验证
        if(StringUtil.isEmpty(token) || new ArrayList<String>(Arrays.asList(URL_WHITELIST)).contains(requestURL)){
            /*放行*/
            /*token为空或者在白名单*/
            chain.doFilter(request, response);
            return;
        }
        //否则token就存在，判断token的状态
        /*tokenService中根据用户名获取用户实体*/
        LoginUser loginUser = tokenService.getLoginUser(request);

        if(StringUtils.isNotNull(loginUser ) && StringUtils.isNull(SecurityUtils.getAuthentication())){
            tokenService.verifyToken(loginUser);/*对token进行解析，刷新用户登录时间*/
            //此处存储的权限信息是登录时查好的
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        }

        chain.doFilter(request,response);
    }

}
